Installing the VPN service using the Add Roles and Features on a Windows 2016 Server failed all the time …
In the Event Viewer we could see these events :
Event ID 7041 :
The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
This service account does not have the required user right “Log on as a service.”
So the configuration manager could not install the local Windows Database, because lack of credentials to run as a service.
So basically it boils down to get the GPO adapted with the correct credential settings.
1. To edit this setting, open Group Policy Management and edit the Default Domain Policy (Or other policies if they are applied like in my case)
Navigate to Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies, User Rights Assignments.
Edit Log on as a service and add the following groups:
NT SERVICE\ALL SERVICES
2. See here KB 2832204 :
- Assign the Log on as a service user right to
- NT SERVICE\ALL SERVICES in the GPO that defines the
- user right.
Next Run gpupdate /force
Next REBOOT the server …
After this the Feature was installed successfully
And you are ready to Configure the VPN Access.
Do not use the Server Management Dashboard
But use the manual configuration method instead.
3. Configuration :
Configuration of simple VPN Follow these Steps :
Also check the Firewall settings